Some electronic service providers use conventional adaptive authentication systems that assess a risk of processing customer transactions. For example, an online bank may employ such a risk-based authentication system to assign risk scores to banking transactions where higher risk scores indicate higher risk.
In generating a risk score, an adaptive authentication system takes as input values of various transaction attributes (e.g., time of receipt, geolocation, transaction amount). For each customer of the online bank, there is an associated history based on values of the attributes associated with previous transactions involving that customer. The adaptive authentication system incorporates the history associated with the customer into an evaluation of the risk score. Significant variation of one or more attribute values from those in the customer's history may signify that the banking transaction has a high risk.
For example, suppose that a particular customer historically submitted transaction requests to the online bank at about 5 PM from London, and, under the customer's identifier, a user submits a new transaction request at 2 AM from Texas. In this case, the risk engine would assign a larger risk score to a transaction resulting from the new transaction request.